Risky Business Podcast

Analysis and news podcasts published weekly

Risky Business #231 -- Hacktivism a genuine threat: DBIR

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

This week's feature interview is a chat with Verizon Business Security Solutions' Bryan Sartin about the annual Data Breach Investigations Report, or DBIR.

Risky Business covers the report every year.

It's basically a post mortem of the previous year -- what sort of records were breached, and by whom? What were the attackers' motivations? What were their techniques?

The US Secret Service contributes to the report, as does the Australian Federal Police. Add Verizon's own caseload and you wind up with something approaching an authoritative dataset. It's rare for a vendor to actually put out something this good.

The 2012 report, which covers 2011 incidents, arrived at a very interesting conclusion -- in 2011, more records were breached by hacktivists than by criminals.

In this week's sponsor interview we chat with RSA Australia's acting country manager Geoff Noble. Geoff normally heads up sales, but don't hold that against him, because as you'll hear he's actually got a deep understanding of trends in enterprise security.

I got Geoff on the phone earlier this week and asked him to tell us what trends emerged at the most recent RSA conference in San Francisco.

Running time: 51:18

Risky Business #230 -- Can security tester accreditation work?

This week's feature interview is with Alastair MacGibbon, CEO of CREST Australia -- the Council of Registered Ethical Security Testers.

In the UK CREST is a big deal, and now it's on its way to Australia and NZ. There's even a similar organisation in the USA that is doing things the CREST way. So this approach could actually become a worldwide, accepted accreditation for security testers.

I know one extremely capable tester who flew over to the UK to take the CREST tests and wound up flunking the team leader portion of one of them, so it's not your typical rubber stamp.

But! With such a lack of talented security testers out there, it seems possible from where I sit that CREST may have to lower its standards to get enough people certified. And security is such a fast moving discipline -- how will we ensure that CREST certified testers have current skills?

That's this week's feature.

Adam Boileau, as always, stops by to chat about this week's news headlines.

Running time: 35:40

Risky Business #229 -- Adrian Lamo on the LulzSec arrests

On this week's show we're catching up with Mr. Popular himself, Adrian Lamo.

Adrian is best known as the guy who turned in alleged Wikileaks source Bradley Manning, but he also has some very interesting perspectives on the LulzSec arrests.

This week's show is sponsored by Tenable Network Security! In this week's sponsor interview Tenable product manager Jack Daniel will be along to chat about a recent Tenable webinar that was all about the internal politics of security. If you're struggling to get your colleagues on side, you want to listen to that interview!

Adam Boileau, as always, joins the show to discuss the week's news.

Running time: 66:39

Risky Business #228 -- Wikileaks the new Anonymous?

This week we'll be joined by Wired.com's news editor Kevin Poulsen for a chat about the big news of the week -- Wikileaks' gigantic dump of private intelligence contractor STRATFOR's allegedly stolen e-mails.

This week's show is sponsored by Adobe, and Adobe's head of product security, Brad Arkin, will be along to discuss the way ISVs view white-hat research. You might love your latest sandbox bypass technique, but he doesn't! That's this week's sponsor interview with Adobe's Brad Arkin.

As always, Adam Boileau stops by for a check of the week's news headlines.

Running time: 57:49

Risky Business #227 -- Surveillance, the state and fascism

In this week's feature interview you'll hear part two of my interview with In-Q-Tel's CSO Dan Geer. We chat with Dan about electronic surveillance, the state, fascism and even the "digital Amish".

He is, as always, fascinating.

This week's edition of the show is brought to you by Hacklabs, an Australian penetration testing firm. Some homegrown support! Thanks, guys.

Hacklabs' very own Chris Gatford will be along in this week's sponsor interview to have a chat about Glenn Mangham, the Brit who's now serving a prison term for hacking Facebook despite his claim to be all very, very white-hatty.

Adam Boileau, as always, checks in to discuss the week's news headlines.

Running time: 64:07

Risky Business #226 -- "Digital Exhaust" with Dan Geer

On this week's show we chat with information security legend Dan Geer about traffic analysis and "digital exhaust".

Everything we do online produces a tonne of metadata. What can be inferred through the analysis of this metadata and who's likely to analyse it?

Part one of my chat with Dan Geer is this week's feature interview.

This week's show is sponsored by RSA Security, the security division of EMC.

So in this week's sponsor interview we're chatting with RSA's Mason Hooper about the company's 2012 Cybercrime Trends Report. Is Zeus still Zeusy? Still Godlike? We'll find out at the back of this week's show.

Adam Boileau, of course, drops in to discuss the week's news headlines.

Running time: 62:09

Risky Business #225 -- Will DMARC actually help anyone?

On this week's show we're taking a look at the DMARC anti-phishing effort. We mentioned it in the news last week, but we're going to get into it properly with our good buddy Paul Ducklin. He's along after the news.

This week's show is sponsored by Tenable Network Security.

Tenable's chief executive Ron Gula will be along in this week's sponsor interview to chat about the theft of Symantec's source code. He doesn't think it's a world ender, and you know what, he's probably right! He's along after this week's feature interview.

There's also plenty of news to discuss with our news co-host Adam Boileau!

Running time: 61:22

Risky Business #224 -- Lost source and open relays: 2012 is here

Risky Business is back for 2012! This week's edition of the show is sponsored by Adobe.

And as it's our first week back we're focussing mostly on catching up on the news of the last six weeks or so. Between McAfee turning its customers into open relays -- that wound up being used by spammers -- and Symantec realising its source code walked six years ago, it's been a cracking start to the year.

Risky Business news co-host Adam Boileau joins the show to run through the key highlights of the last six weeks.

Also in this week's show, Adobe's product security chief Brad Arkin joins the show to talk about the virtues of silent patching. Brad's been on board with Adobe since 2008 and says the company has actually made progress in the product security arena. Have a listen to him and judge for yourself!

The production of this week's show did not go smoothly. My SSD died, with the entire, unedited show on it. Two people really, really helped out and saved this week's podcast.

Adam Pointon donated a couple of hours of his Tuesday evening and managed to recover the interviews from the dead drive. Massive thanks to him. Jonathan Wrigley of Xero Computing in Carlton let me use one of his display systems to finish cutting together the show.

So big, big thanks to both of them. If you live in Melbourne, by all means pop into Jonno's shop and pick up some stuff for your Mac. Enjoy the show!

Running time: 54:20

Risky Business #223 -- Summer edition: Drones pwned?

This is a special summer edition of the Risky Business podcast. There's no feature interview or sponsor interview -- just Adam Boileau and Patrick Gray discussing the most interesting security news items of the last three weeks, including:

  • Did Persians pwn Drones?
  • Bradley Manning faces court
  • HP to face printer vulnerability lawsuit
  • Could the USA's SOPA law break DNSSEC?
  • GlobalSign says its CA systems were never compromised
  • New guidelines for issuance of SSL certs
  • Microsoft to silently update IE in 2012
  • Fun fact: Ukrainian general arrested for online fraud
  • Putin's Twitterbots drown anti-regime hashtags
  • Mexican government dismantles Los Zetas' massive comms network
  • CNet's Download.com bundles crapware with Nmap

Running time: 32:43

Risky Business #222 -- Never pay for roaming data again

I thought we'd just have a bit of a fun feature for the last show of the year. It's an interview with Edith Cowan University's Peter Hannay about a presentation he did at Ruxcon back in 2010, all about turning Amazon's Kindle into a completely free internet access device that works all over the world.

That's right, no subscriber fees and 3G access in a zillion countries.

He'll tell you how you can hack your Kindle to use it as a completely free USB Internet access device pretty much anywhere in the world. No more data roaming for you! W00t w00t! SSH everywhere!

Astaro's Angelo Comazzetto takes a look back on Sony's 2011 woes in this week's sponsor interview and Adam Boileau joins us, as always, to discuss the week's news.

Peter Hannay's Kindle code can be found here.

Running time: 54:52